[Freeipa-devel] [PATCH] Updated default Kerberos password policy
Jan Zeleny
jzeleny at redhat.com
Wed Feb 16 18:50:38 UTC 2011
Rob Crittenden <rcritten at redhat.com> wrote:
> Jan Zelený wrote:
> > Jan Zeleny<jzeleny at redhat.com> wrote:
> >> Rob Crittenden<rcritten at redhat.com> wrote:
> >>> Jan Zelený wrote:
> >>>> https://fedorahosted.org/freeipa/ticket/930
> >>>>
> >>>> I put there a value Dmitri suggested. Feel free to change it before
> >>>> pushing if you think there should be the originally suggested 10 login
> >>>> attempts.
> >>>
> >>> We want to increase krbPwdLockoutDuration too, to 600.
> >>>
> >>> rob
> >>
> >> Sorry, I didn't realize it was in seconds. I just saw 10 and figured
> >> it's ok it's already there. Anyway, I'm sending the updated patch.
> >
> > Just a reminder that this patch needs to be re-reviewed.
> >
> > Thanks
> > Jan
>
> I think we need to fix this as an update file rather than changing the
> default install. It would look something like:
>
> dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
> replace:krbPwdLockoutDuration: 10: 600
> replace: krbPwdMaxFailure: 3: 6
>
> I'm ok with fixing it in both places.
>
> rob

Here it is, hopefully I got it right this time. I wasn't sure about the file
number, but from guidelines in README I guess it's ok.

Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jzeleny-freeipa-0039-3-Updated-default-Kerberos-password-policy.patch
Type: text/x-patch
Size: 1863 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110216/506f48e7/attachment.bin>